more ill-fated attempts?

ifd3f · Mar 25, 2024 · d818805 · d818805
1 parent 8b3c9b1
commit d818805
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 10 deletions.
diff --git a/machines/boop/README.md b/machines/boop/README.md
@@ -1,3 +1,3 @@
-# `xn--vp9h` (pronounced 🤓)
+# boop
 
 another server for applications and compute and stuff
diff --git a/machines/boop/boot.nix b/machines/boop/boot.nix
@@ -23,16 +23,13 @@ in {
 
   # because we want to be able to decrypt host keys over SSH
   boot.initrd.network = {
-    udhcpc = {
-      enable = true;
-      extraArgs = [ "-i" constants.mgmt_if ];
-    };
+    enable = true;
+    udhcpc.enable = true;
     postCommands = ''
       ip addr
     '';
     ssh = {
       enable = true;
-      port = 2222;
       hostKeys = [ ./initrd/ssh_host_rsa_key ./initrd/ssh_host_ed25519_key ];
       authorizedKeys = inputs.self.lib.sshKeyDatabase.users.astrid;
     };

diff --git a/machines/boop/bootstrap.sh b/machines/boop/bootstrap.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+mkdisks() {
+  zpool create rpool mirror /dev/disk/by-id/nvme-eui.6479a7869ad03b89 /dev/disk/by-id/nvme-eui.6479a7869ad04a16
+  zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase rpool/enc
+  zfs set mountpoint=none rpool
+  zfs set compression=on rpool
+  for pool in rpool/enc/var rpool/enc/etc rpool/enc/tmp rpool/enc/home rpool/nix; do
+    zfs create -o mountpoint=legacy $pool
+  done
+  zfs list
+}
+
+mountdisks() {
+  mount -t tmpfs -osize=256M,mode=755 rootfs /mnt
+  mount -t zfs -o x-mount.mkdir rpool/enc/tmp /mnt/tmp
+  mount -t zfs -o x-mount.mkdir rpool/nix /mnt/nix
+  mount -t zfs -o x-mount.mkdir rpool/enc/var /mnt/var
+  mount -t zfs -o x-mount.mkdir rpool/enc/etc /mnt/etc
+  mount -t zfs -o x-mount.mkdir rpool/enc/home /mnt/home
+  mount -o x-mount.mkdir /dev/disk/by-uuid/D30E-26C7 /mnt/boot
+}
+
+runinstall() {
+  nixos-install --no-channel-copy --option substituters "" $@
+}
diff --git a/machines/boop/configuration.nix b/machines/boop/configuration.nix
@@ -17,6 +17,7 @@ with lib; {
 
   astral = {
     users.alia.enable = true;
+    users.astrid.enable = true;
     virt = {
       docker.enable = true;
       libvirt.enable = true;

diff --git a/machines/boop/fs.nix b/machines/boop/fs.nix
@@ -4,6 +4,7 @@
   fileSystems."/" = {
     device = "rootfs";
     fsType = "tmpfs";
+    options = [ "defaults" "size=256M" "mode=755" ];
   };
 
   fileSystems."/tmp" = {

diff --git a/nix/nixos-modules/roles/server.nix b/nix/nixos-modules/roles/server.nix
@@ -16,10 +16,10 @@ with lib; {
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_hardened;
 
   # Enable SSH in initrd for debugging
-  boot.initrd.network.ssh = {
-    enable = true;
-    authorizedKeys = [ inputs.self.lib.sshKeyDatabase.users.astrid ];
-  };
+  # boot.initrd.network.ssh = {
+  #   enable = true;
+  #   authorizedKeys = [ inputs.self.lib.sshKeyDatabase.users.astrid ];
+  # };
 
   astral = {
     acme.enable = true;